SEI CERT C++ Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 89

changes.mady.by.user Will Snavely

Saved on

compared with

New Version Current

changes.mady.by.user Francesco Mariani

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Incorrectly using a variadic function can result in abnormal program termination, unintended information disclosure, or execution of arbitrary code.

Rule

Severity

Likelihood

Remediation Cost

Detectable

Repairable

Priority

Level

DCL50-CPP

High

Probable

Yes
Medium

No

P12

L1

Automated Detection

Tool

Version

Checker

Description

Astrée

Include Page
Astrée_V
Astrée_V

function-ellipsis
Fully checked
Axivion Bauhaus Suite

Include Page
Axivion Bauhaus Suite_V
Axivion Bauhaus Suite_V

CertC++-DCL50
Clang
Include Page
Clang_38_V
Clang_38_V
cert-dcl50-cppChecked by clang-tidy.
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V

LANG.STRUCT.ELLIPSIS

 

Ellipsis

Helix QAC

Include Page
Helix QAC_V
Helix QAC_V

C++2012, C++2625
Klocwork
Include Page
Klocwork_V
Klocwork_V

MISRA.FUNC.VARARG


LDRA tool suite
Include Page
LDRA_V
LDRA_V

41 S

Fully Implemented

Parasoft C/C++test
9.5MISRA2004-16_1 
Include Page
Parasoft_V
Parasoft_V
CERT_CPP-DCL50-a

Functions shall not be defined with a variable number of arguments

Polyspace Bug Finder

Include Page
Polyspace Bug Finder_V
Polyspace Bug Finder_V

CERT C++: DCL50-CPPChecks for function definition with ellipsis notation (rule fully covered)
RuleChecker
Include Page
RuleChecker_V
RuleChecker_V
function-ellipsis
Fully checked
Security Reviewer - Static Reviewer

Include Page
Security Reviewer - Static Reviewer_V
Security Reviewer - Static Reviewer_V

UNSAFE_09Fully implemented
PRQA QA-C++ Include PagePRQA QA-C++_VPRQA QA-C++_V

2012
2625

 
SonarQube C/C++ Plugin
Include Page
SonarQube C/C++ Plugin_V
SonarQube C/C++ Plugin_V
FunctionEllipsis
 

Related Vulnerabilities

Search for other vulnerabilities resulting from the violation of this rule on the CERT website.

Bibliography

[ISO/IEC 14882-2014]Subclause 5.2.2, "Function Call"
Subclause 14.5.3, "Variadic Templates"
 
 


...